SpringCloud使用Security认证框架

已于 2023-03-07 15:39:57 修改
阅读量629 收藏
点赞数
文章标签: spring cloud java spring
于 2023-03-07 15:21:27 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qwczf/article/details/129382499
版权

目录

1.根据用户名查询返回用户对象(user模块)

 2.依赖

3.配置文件

        1.config

        2.util

4.实现

        1.声明接口

        2.实现接口

        3.controller

5.application.yml

6.公钥与私钥

        1.oauth模块私钥

        2.user模块公钥(代码要在一行)

1.根据用户名查询返回用户对象(user模块)

public UserDto info(String username)

 2.依赖

        1.oauth模块

<dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.mybatis.spring.boot</groupId>
            <artifactId>mybatis-spring-boot-starter</artifactId>
            <version>1.1.1</version>
        </dependency>

        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt</artifactId>
            <version>0.9.0</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-data</artifactId>
        </dependency>

        <!-- <dependency>
             <groupId>org.springframework.cloud</groupId>
             <artifactId>spring-cloud-starter-oauth2</artifactId>
         </dependency>-->

        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
            <exclusions>
                <exclusion>
                    <groupId>org.springframework.security.oauth.boot</groupId>
                    <artifactId>spring-security-oauth2-autoconfigure</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency>
            <groupId>org.springframework.security.oauth.boot</groupId>
            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
            <version>2.1.3.RELEASE</version>
        </dependency>


        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>

        <dependency>
            <groupId>com.zb</groupId>
            <artifactId>shop_user_api</artifactId>
            <version>1.0-SNAPSHOT</version>
        </dependency>

    </dependencies>

        2.user依赖

    <dependencies>
        <dependency>
            <groupId>com.zb</groupId>
            <artifactId>shop_user_api</artifactId>
            <version>1.0-SNAPSHOT</version>
        </dependency>
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <scope>runtime</scope>
        </dependency>
        <!--mybatis-plus 是自己开发的,非官方的!-->
        <dependency>
            <groupId>com.baomidou</groupId>
            <artifactId>mybatis-plus-boot-starter</artifactId>
            <version>3.3.1.tmp</version>
        </dependency>


        <dependency>
            <groupId>io.jsonwebtoken</groupId>
            <artifactId>jjwt</artifactId>
            <version>0.9.0</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-data</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-oauth2</artifactId>
            <exclusions>
                <exclusion>
                    <groupId>org.springframework.security.oauth.boot</groupId>
                    <artifactId>spring-security-oauth2-autoconfigure</artifactId>
                </exclusion>
            </exclusions>
        </dependency>

        <dependency>
            <groupId>org.springframework.security.oauth.boot</groupId>
            <artifactId>spring-security-oauth2-autoconfigure</artifactId>
            <version>2.1.3.RELEASE</version>
        </dependency>


        <dependency>
            <groupId>org.springframework.cloud</groupId>
            <artifactId>spring-cloud-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-actuator</artifactId>
        </dependency>

    </dependencies>

3.配置文件

        1.config

        1.AuthorizationServerConfig

package com.zb.oauth.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.bootstrap.encrypt.KeyProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.client.JdbcClientDetailsService;
import org.springframework.security.oauth2.provider.token.DefaultAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;
import org.springframework.security.oauth2.provider.token.store.JwtTokenStore;
import org.springframework.security.oauth2.provider.token.store.KeyStoreKeyFactory;

import javax.annotation.Resource;
import javax.sql.DataSource;
import java.security.KeyPair;


@Configuration
@EnableAuthorizationServer
class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {
    //数据源,用于从数据库获取数据进行认证操作,测试可以从内存中获取
    @Autowired
    private DataSource dataSource;
    //jwt令牌转换器
    @Autowired
    private JwtAccessTokenConverter jwtAccessTokenConverter;
    //SpringSecurity 用户自定义授权认证类
    @Autowired
    UserDetailsService userDetailsService;
    //授权认证管理器
    @Autowired
    AuthenticationManager authenticationManager;
    //令牌持久化存储接口
    @Autowired
    TokenStore tokenStore;
    @Autowired
    private CustomUserAuthenticationConverter customUserAuthenticationConverter;

    /***
     * 客户端信息配置
     * @param clients
     * @throws Exception
     */
    @Override
    public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
        clients.jdbc(dataSource).clients(this.clientDetails());
//        clients.inMemory()
//                .withClient("changgou")          //客户端id
//                .secret("changgou")                      //秘钥
//                .redirectUris("http://localhost")       //重定向地址
//                .accessTokenValiditySeconds(3600)          //访问令牌有效期
//                .refreshTokenValiditySeconds(3600)         //刷新令牌有效期
//                .authorizedGrantTypes(
//                        "authorization_code",          //根据授权码生成令牌
//                        "client_credentials",          //客户端认证
//                        "refresh_token",                //刷新令牌
//                        "password")                     //密码方式认证
//                .scopes("app");                         //客户端范围,名称自定义,必填
    }

    /***
     * 授权服务器端点配置
     * @param endpoints
     * @throws Exception
     */
    @Override
    public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
        endpoints.accessTokenConverter(jwtAccessTokenConverter)
                .authenticationManager(authenticationManager)//认证管理器
                .tokenStore(tokenStore)                       //令牌存储
                .userDetailsService(userDetailsService);     //用户信息service
    }

    /***
     * 授权服务器的安全配置
     * @param oauthServer
     * @throws Exception
     */
    @Override
    public void configure(AuthorizationServerSecurityConfigurer oauthServer) throws Exception {
        oauthServer.allowFormAuthenticationForClients()
                .passwordEncoder(new BCryptPasswordEncoder())
                .tokenKeyAccess("permitAll()")
                .checkTokenAccess("isAuthenticated()");
    }


    //读取密钥的配置
    @Bean("keyProp")
    public KeyProperties keyProperties() {
        return new KeyProperties();
    }

    @Resource(name = "keyProp")
    private KeyProperties keyProperties;

    //客户端配置
    @Bean
    public ClientDetailsService clientDetails() {
        return new JdbcClientDetailsService(dataSource);
    }

    @Bean
    @Autowired
    public TokenStore tokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {
        return new JwtTokenStore(jwtAccessTokenConverter);
    }

    /****
     * JWT令牌转换器
     * @param customUserAuthenticationConverter
     * @return
     */
    @Bean
    public JwtAccessTokenConverter jwtAccessTokenConverter(CustomUserAuthenticationConverter customUserAuthenticationConverter) {
        JwtAccessTokenConverter converter = new JwtAccessTokenConverter();
        KeyPair keyPair = new KeyStoreKeyFactory(
                keyProperties.getKeyStore().getLocation(),                          //证书路径 changgou.jks
                keyProperties.getKeyStore().getSecret().toCharArray())              //证书秘钥 changgouapp
                .getKeyPair(
                        keyProperties.getKeyStore().getAlias(),                     //证书别名 changgou
                        keyProperties.getKeyStore().getPassword().toCharArray());   //证书密码 changgou
        converter.setKeyPair(keyPair);
        //配置自定义的CustomUserAuthenticationConverter
        DefaultAccessTokenConverter accessTokenConverter = (DefaultAccessTokenConverter) converter.getAccessTokenConverter();
        accessTokenConverter.setUserTokenConverter(customUserAuthenticationConverter);
        return converter;
    }
}

        2.CustomUserAuthenticationConverter

package com.zb.oauth.config;

import com.zb.oauth.util.UserJwt;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.oauth2.provider.token.DefaultUserAuthenticationConverter;
import org.springframework.stereotype.Component;

import java.util.LinkedHashMap;
import java.util.Map;

@Component
public class CustomUserAuthenticationConverter extends DefaultUserAuthenticationConverter {

    @Autowired
    UserDetailsService userDetailsService;

    @Override
    public Map<String, ?> convertUserAuthentication(Authentication authentication) {
        LinkedHashMap response = new LinkedHashMap();
        String name = authentication.getName();
        response.put("username", name);

        Object principal = authentication.getPrincipal();
        UserJwt userJwt = null;
        if(principal instanceof  UserJwt){
            userJwt = (UserJwt) principal;
        }else{
            //refresh_token默认不去调用userdetailService获取用户信息,这里我们手动去调用,得到 UserJwt
            UserDetails userDetails = userDetailsService.loadUserByUsername(name);
            userJwt = (UserJwt) userDetails;
        }
        response.put("name", userJwt.getName());
        response.put("id", userJwt.getId());
        //公司 response.put("compy", "songsi");
        if (authentication.getAuthorities() != null && !authentication.getAuthorities().isEmpty()) {
            response.put("authorities", AuthorityUtils.authorityListToSet(authentication.getAuthorities()));
        }
        return response;
    }

}

        3.UserDetailsServiceImpl

package com.zb.oauth.config;

import com.zb.client.TbUserFeignClient;
import com.zb.dto.UserDto;
import com.zb.oauth.util.UserJwt;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.stereotype.Service;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;

/*****
 * 自定义授权认证类
 */
@Service
public class UserDetailsServiceImpl implements UserDetailsService {

    @Autowired
    ClientDetailsService clientDetailsService;

    @Autowired
    private TbUserFeignClient userFeignClient;

    /****
     * 自定义授权认证
     * @param username
     * @return
     * @throws UsernameNotFoundException
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        //取出身份,如果身份为空说明没有认证
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        //没有认证统一采用httpbasic认证,httpbasic中存储了client_id和client_secret,开始认证client_id和client_secret
        if (authentication == null) {
            ClientDetails clientDetails = clientDetailsService.loadClientByClientId(username);
            if (clientDetails != null) {
                //秘钥
                String clientSecret = clientDetails.getClientSecret();
                //静态方式
//                return new User(username,new BCryptPasswordEncoder().encode(clientSecret), AuthorityUtils.commaSeparatedStringToAuthorityList(""));
                //数据库查找方式
                return new User(username, clientSecret, AuthorityUtils.commaSeparatedStringToAuthorityList(""));
            }
        }

        if (StringUtils.isEmpty(username)) {
            return null;
        }

        UserDto info = userFeignClient.info(username);

        if (ObjectUtils.isEmpty(info)) {
            return null;
        }

        //根据用户名查询用户信息
        String pwd = info.getPassword();
        //创建User对象
        //用户权力
        String permissions = "goods_list,seckill_list";


        UserJwt userDetails = new UserJwt(username, pwd, AuthorityUtils.commaSeparatedStringToAuthorityList(permissions));


        return userDetails;
    }
}

        4.WebSecurityConfig

package com.zb.oauth.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
@Order(-1)
class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /***
     * 忽略安全拦截的URL
     * @param web
     * @throws Exception
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
                "/auth/login/**",
                "/user/logout");
    }

    /***
     * 创建授权管理认证对象
     * @return
     * @throws Exception
     */
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        AuthenticationManager manager = super.authenticationManagerBean();
        return manager;
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        super.configure(auth);
    }

    /***
     * 采用BCryptPasswordEncoder对密码进行编码
     * @return
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /****
     *
     * @param http
     * @throws Exception
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.csrf().disable()
                .httpBasic()        //启用Http基本身份验证
                .and()
                .formLogin()       //启用表单身份验证
                .and()
                .authorizeRequests()    //限制基于Request请求访问
                .anyRequest()
                .authenticated();       //其他请求都需要经过验证

    }
}

        2.util

        1.AuthToken

package com.zb.oauth.util;

import java.io.Serializable;


public class AuthToken implements Serializable{

    //令牌信息
    String accessToken;
    //刷新token(refresh_token)
    String refreshToken;
    //jwt短令牌
    String jti;

    public String getAccessToken() {
        return accessToken;
    }

    public void setAccessToken(String accessToken) {
        this.accessToken = accessToken;
    }

    public String getRefreshToken() {
        return refreshToken;
    }

    public void setRefreshToken(String refreshToken) {
        this.refreshToken = refreshToken;
    }

    public String getJti() {
        return jti;
    }

    public void setJti(String jti) {
        this.jti = jti;
    }
}

4.实现

        1.声明接口

        

public AuthToken login(String username, String passwd, String clientId, String clientSecret);

        2.实现接口

        

package com.zb.oauth.service.impl;

import com.zb.oauth.service.AuthService;
import com.zb.oauth.util.AuthToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.cloud.client.ServiceInstance;
import org.springframework.cloud.client.discovery.DiscoveryClient;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Service;
import org.springframework.util.Base64Utils;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.web.client.RestTemplate;

import java.util.List;
import java.util.Map;

@Service
public class AutoServiceImpl implements AuthService {


    @Autowired
    private RestTemplate restTemplate;

    @Autowired
    private DiscoveryClient discoveryClient;

    @Override
    public AuthToken login(String username, String passwd, String clientId, String clientSecret) {
        List<ServiceInstance> instances = discoveryClient.getInstances("user-auth");
        ServiceInstance serviceInstance = instances.get(0);
        String url = "http://" + serviceInstance.getHost() + ":" + serviceInstance.getPort() + "/oauth/token";
        System.out.println("============>" + url);
        LinkedMultiValueMap<String, String> body = new LinkedMultiValueMap<String, String>();
        body.add("grant_type", "password");
        body.add("username", username);
        body.add("password", passwd);
        LinkedMultiValueMap<String, String> header = new LinkedMultiValueMap<String, String>();
        header.add("Authorization", myEncoder(clientId, clientSecret));
        try {
            ResponseEntity<Map> response = restTemplate.exchange(url, HttpMethod.POST, new HttpEntity<>(body, header), Map.class);
            Map map = response.getBody();
            System.out.println(map);
            AuthToken authToken = new AuthToken();
            authToken.setAccessToken(map.get("access_token").toString());
            authToken.setJti(map.get("jti").toString());
            authToken.setRefreshToken(map.get("refresh_token").toString());
            return authToken;
        } catch (Exception e) {
            e.printStackTrace();
        }
        return null;
    }

    private String myEncoder(String clientId, String clientSecret) {
        String str = clientId + ":" + clientSecret;
        byte[] encode = Base64Utils.encode(str.getBytes());
        return "Basic " + new String(encode);
    }

}

        3.controller

        

package com.zb.oauth.controller;

import com.zb.oauth.service.AuthService;
import com.zb.oauth.util.AuthToken;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/auth")
public class AuthController {

    @Value("${auth.clientId}")
    private String clientId;
    @Value("${auth.clientSecret}")
    private String clientSecret;

    @Autowired
    private AuthService authService;

    @PostMapping("/login")
    public AuthToken login(@RequestParam("username") String username, @RequestParam("passwd") String passwd) {
        return authService.login(username, passwd, clientId, clientSecret);

    }
}

5.application.yml

server:
  port: 9200
spring:
  application:
    name: user-auth
  datasource:
    driver-class-name: com.mysql.jdbc.Driver
    url: jdbc:mysql://127.0.0.1:3306/shop_oauth?useUnicode=true&characterEncoding=utf-8&useSSL=false&allowMultiQueries=true&serverTimezone=UTC
    username: root
    password: ok
  main:
    allow-bean-definition-overriding: true
  cloud:
    nacos:
      discovery:
        server-addr: 127.0.0.1:8848
auth:
  ttl: 3600  #token存储到redis的过期时间
  clientId: accp
  clientSecret: accp
  cookieDomain: localhost
  cookieMaxAge: -1
encrypt:
  key-store:
    location: classpath:/wfshop.jks
    secret: wfshop
    alias: wfshop
    password: wfshop

6.公钥与私钥

        1.oauth模块私钥

        2.user模块公钥(代码要在一行)

-----BEGIN PUBLIC KEY-----MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhAkWE6joCg8AkA2MeNm3OM7urdIS3wtoNzscU1pioPwYxgbwIRn/AJ1Cjsd4rIMo0PVFOr+VR9U1DTZMPvwyd8QtJMSbWxyqfzKAnUZzh/dJ5bzbO/VSKJ/1W5vErrdU7u/iONkGpCOjZsyd6FrHJgUHOKEBiRtJC6/g39Rdsq6xrDunqlZK2ZchmkMMnn0GNCtA5RaXWNg0WWj0Ul5wCrm2s91jVdYqdP6UP51xTa3H98ReqEtop4D/QvAoSaFZHDBAnL9hPl0OOHsE/KTdf2m7KZcHnaAqEMfja7axbSbhz5HgcOJcrN3aUQVcGYHwdt9QLfhnJ5NBOy4+WpgTRwIDAQAB-----END PUBLIC KEY-----

请我吃早饭
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 1
    评论
Spring Securiy +aouth2.0+jwt整合,实现鉴权登录
m0_59054066的博客
09-27 793
鉴权业务层 AuthorizationServerConfig类: package com.changgou.oauth.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.cloud.bootstrap.encrypt.KeyProperties; import org.springframework.context.annotation.Be.
Spring Cloud Gateway 整合 Spring Security 统一登录认证鉴权
02-24
Spring Security 则是 Java 开发中广泛使用安全框架,用于实现认证和授权。当我们将这两者结合时,我们可以创建一个强大的统一登录认证鉴权系统。 首先,让我们深入了解Spring Cloud Gateway。这是一个基于...
SpringCloud整合Shiro或Security安全框架的处理方法
weixin_53690059的博客
09-09 2181
SpringCloud整合Shiro或Security安全框架的处理方法
Spring Cloud Security
java大神起床啦
04-13 2189
Spring Cloud Security
SpringCloud如何实现SSO单点登录?
最新发布
as230627的博客
05-30 950
Eureka是Spring Cloud中的服务发现组件,Spring Session是一个用于管理用户会话的库。通过结合使用Eureka和Spring Session,可以实现会话共享,从而实现SSO。
spring-cloud-starter-securityspring-cloud-starter-oauth2
qq_30359369的博客
12-02 2万+
之前学过spring-security,最近又在学习spring-cloud-starter-securityspring-cloud-starter-oauth2, 脑子里顿时冒出一个问题: 之前学的spring-security和最近学的spring-cloud-starter-security有什么关系, spring-cloud-starter-securityspring-clou......
SpringCloud(part11) Spring Security详解
javazht的博客
06-03 1352
1.Spring Security简介 什么是Spring Security Spring Security采用安全层的概念,使得controller,Service,dao层等以注解的方式来保护应用程序的安全Spring Security提供了细粒度的权限控制,可以精细到每一个API接口,每一个业务方法,或者每一个操作数据库的DAO层方法。Spring Security提供的是应用程序层的安...
springsecurity安全框架
如果你想拥有更多的人生选择,你必须拥有更多的知识。-- 来自u011437883的博客
05-03 276
安全框架 apache shiro 比较简单易用,不依赖于spring,应用场景:传统SSM项目。 springsecurity 比较复杂,功能较强大,属于spring框架技术,应用场景:springboot+springcloud springsecurity框架内容: springsecurity基础入门 jwt+sprinsecurity 组合,多用于微服务分布式开发中 jwt+springsecurity+springcloud jwt+springsecurity+springcl
springcloudgateway+security vue token
08-02
在构建现代微服务架构时,Spring Cloud Gateway 和 Spring Security 是两个关键组件,它们与 Vue.js 结合使用可以创建一个安全的、高效的API网关。让我们深入探讨这些技术及其相互作用。 **Spring Cloud Gateway** ...
Spring Cloud 集成OAuth2实现身份认证和单点登录
07-20
本篇将深入探讨如何利用Spring Cloud集成OAuth2来实现身份认证和单点登录(Single Sign-On,简称SSO)。 OAuth2是一种授权框架,它允许第三方应用获取资源所有者的特定资源,同时保护了资源所有者的隐私信息。在...
spring-cloud-security例子
04-04
本文将深入探讨Spring Cloud Security在用户身份认证和权限管理方面的应用,以"spring-cloud-security例子"为基础,结合spring-boot-security-master项目,详细阐述其核心概念和技术实现。 一、用户身份认证 1.1 ...
SpringCloud全套实战框架
01-21
SpringCloud全套实战框架》是针对企业级微服务架构的一套综合教程,涵盖了SpringBoot、SpringCloud、TX-LCN、OAuth2、Security以及Redis和MySQL等多个核心组件和技术。本框架旨在帮助开发者构建高可用、高性能的...
(九)Spring Securityspring-cloud-starter-oauth2)应用详解------JWT令牌------数据库存储
大佬味的小男孩的博客https://www.yuque.com/dalaoweidexiaonanhai
01-31 790
前提:在看完这两篇文章的基础上再进行本篇文章的开发 (七)Spring Securityspring-cloud-starter-oauth2)应用详解 (八)Spring Securityspring-cloud-starter-oauth2)应用详解 通过上边的测试我们发现,当资源服务和授权服务不在一起时,资源服务使用RemoteTokenServices 远程请求授权服务验证token,如果访问量较大将会影响系统的性能 。 解决上边问题: 令牌采用JWT格式即可解决上边的问题,用户认证通过会得
Spring Security 认证研究
weixin_60257072的博客
01-18 1603
FilterChainProxy是一个代理,真正起作用的是FilterChainProxy中SecurityFilterChain所包含的各个Filter,同时这些Filter作为Bean被Spring管理,它们是Spring Security核心,各有各的职责,但他们并不直接处理用户的。用于处理来自表单提交的认证。当访问以/r/开头的url时会判断用户是否认证,如果没有认证则跳转到登录页面,如果已经认证则判断用户是否具有该URL的访问权限,如果具有该URL的访问权限则继续,否则拒绝访问。
SpringCloud——安全认证Security
热门推荐
默存
09-28 6万+
一、SpringCloud Security简介 Spring Cloud Security提供了一组原语,用于构建安全的应用程序和服务,而且操作简便。可以在外部(或集中)进行大量配置的声明性模型有助于实现大型协作的远程组件系统,通常具有中央身份管理服务。它也非常易于在Cloud Foundry等服务平台中使用。在Spring Boot和Spring Security OAu...
spring cloud系列介绍(Spring Cloud Security
nbspzs的专栏
09-26 201
【代码】spring cloud系列介绍(Spring Cloud Security
Spring Cloud Netflix 面试题(总结最全面的面试题!!!)
小杰爱吃蛋的博客
04-12 3万+
文章目录什么是微服务架构为什么需要学习Spring CloudSpring Cloud 是什么SpringCloud的优缺点SpringBoot和SpringCloud的区别?Spring CloudSpringBoot版本对应关系SpringCloud由什么组成使用 Spring Boot 开发分布式微服务时,我们面临什么问题Spring Cloud 和dubbo区别?Eureka服务注册和发...
spring-cloud-starter-oauth2使用
yx444535180的专栏
07-02 7269
**OAuth2主要用于校验客户端合法性、产生token、校验token** **Sercurity主要用于用户名密码校验、接口权限控制** 因此OAuth2与Sercurity整合之后,校验顺序: 校验客户端合法性——校验用户名密码——产生token——校验token——校验接口权限............
springcloud gateway集成springsecuity进行认证和授权
04-30
Spring Cloud Gateway 是 Spring Cloud 的微服务网关,可以用来实现路由转发、请求过滤、熔断限流、认证授权等功能。而 Spring SecuritySpring安全框架,可以实现用户认证、角色授权等功能。将两者结合起来,可以实现在网关层进行认证和授权,保护后端微服务的安全。 下面是 Spring Cloud Gateway 集成 Spring Security 进行认证和授权的步骤: 1. 引入依赖 在 pom.xml 文件中添加以下依赖: ``` <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-gateway</artifactId> </dependency> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-security</artifactId> </dependency> ``` 2. 配置 Spring SecuritySpring Security 的配置类中配置认证和授权规则,例如: ``` @Configuration @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private UserDetailsService userDetailsService; @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/admin/**").hasRole("ADMIN") .antMatchers("/user/**").hasAnyRole("ADMIN", "USER") .anyRequest().authenticated() .and() .httpBasic(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService); } } ``` 3. 配置 GatewayFilterFactory 在 GatewayFilterFactory 中添加 Spring Security 的过滤器,例如: ``` @Component public class AuthGatewayFilterFactory extends AbstractGatewayFilterFactory<AuthGatewayFilterFactory.Config> { @Autowired private ReactiveUserDetailsService userDetailsService; public AuthGatewayFilterFactory() { super(Config.class); } @Override public GatewayFilter apply(Config config) { return (exchange, chain) -> { return exchange.getPrincipal() .cast(Authentication.class) .flatMap(auth -> authorizeRequest(exchange, chain, auth)) .switchIfEmpty(Mono.error(new AuthorizationDeniedException("Unauthorized"))); }; } private Mono<Void> authorizeRequest(ServerWebExchange exchange, GatewayFilterChain chain, Authentication auth) { AuthorizationDecision decision = new AuthorizationDecision( auth.isAuthenticated() && auth.getAuthorities().stream() .anyMatch(granted -> granted.getAuthority().equals("ROLE_ADMIN"))); return decision.isGranted() ? chain.filter(exchange) : Mono.error(new AuthorizationDeniedException("Unauthorized")); } public static class Config { // 这里可以添加一些配置参数 } } ``` 其中,`AuthGatewayFilterFactory` 是一个自定义的 GatewayFilterFactory,用来添加 Spring Security 的过滤器。`authorizeRequest` 方法中实现了认证和授权的逻辑,判断用户是否有访问权限。 4. 配置路由规则 在 application.yml 文件中配置路由规则,例如: ``` spring: cloud: gateway: routes: - id: admin-service uri: lb://admin-service predicates: - Path=/admin/** filters: - Auth=ROLE_ADMIN - id: user-service uri: lb://user-service predicates: - Path=/user/** filters: - Auth=ROLE_USER ``` 其中,`Auth=ROLE_ADMIN` 和 `Auth=ROLE_USER` 是在 `AuthGatewayFilterFactory` 中添加的过滤器名称。 通过以上步骤,就可以实现 Spring Cloud Gateway 集成 Spring Security 进行认证和授权的功能。在路由转发之前,会先进行用户认证和授权,保护后端微服务的安全
评论 1
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值